ADB MCP Server Vulnerability

CRITICAL (9.8)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 1.00% chance of exploitation (percentile: 76%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found

What is it?

The ADB MCP Server is a tool for interacting with Android devices through ADB (Android Debug Bridge). It lets users execute commands on the device remotely. Because of a command injection vulnerability, an attacker can inject malicious commands and gain unauthorized access to the device.

Am I affected?

You're affected if you use ADB MCP Server. The advisory does not state which versions are affected. If you don't recognise this software, you're probably not affected.

How to fix

To fix the vulnerability, upgrade to a patched version of ADB MCP Server. Unfortunately, there isn't a public patch link available, so you'll need to contact the vendor directly for assistance.

Immediate mitigations:

  • Restrict network access to your ADB MCP Server instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation